<?php
    // This is used to save a page, both with ajax and with the normal update pages.
    // INPUT: $_POST[]
    // OUTPUT: As per the passed folio_redirect class options.
    // SIDE EFFECT: Store _POST in database after authenticating user permissions


    require_once("../../../includes.php");
    require_once("../view/page.php");
    require_once("../model/page_permission.php");
    require_once("../view/PageEditor.php");

    require_once("../model/user.php");
    require_once("../model/tags.php");
    require_once("../redirect.php");

    if ( !isloggedin() ) {
        trigger_error('You must be logged in to update this page.', E_USER_ERROR);
    }

    // Load the response data that tells us what to do next.
    $redirect = folio_redirect::parse( $_POST );
    if( !$redirect ) {
        trigger_error('Redirect information not passed to page_update.php', E_USER_ERROR);
    }

    // Find out what data has been posted that matches fields in page.
    $page = folio_page::SelectWherePageIdent( intval( $_POST['page_ident'] ) );
    $created = 0;
    if( isset( $_POST['created']))
        $created = intval( $_POST['created']);

    // Pull up the appropriate user.  If page exists, then use that.  Else, look at the
    //      post vars for user_ident.  Need that var for testing permissions.
    if( !$page ) {
        // New page.  Fail, as this can only update.
        trigger_error('Invalid page ' . intval( $_POST['page_ident'] ) .
            ' passed to page_update.php', E_USER_ERROR);
    } elseif ( $page->created != $created AND $page->format_ident <> 2 ) {
        // Test for race condition, where a user has edited and saved already.  Only applicable for wiki,
        //      as portfolio has a ton of ajax calls.
        //        Add a message.
        /*
        $redirect->message = '<b>' . __gettext(
            'WARNING:  Another user changed the page in the time that you were ' .
            'editing it.  Please click on the "History" menu option to view or restore their version.'
            ) . '</b>';
            */
            // NOTE: Need to redo the above after draft functionality is in place.
    }

    // Load user.
    $user = folio_user::SelectWhereIdent( $page->user_ident );

    // Test permissions
    if( !$page->Permission('update') ) {
        trigger_error("You do not have permission to update page {$page->page_ident}.",
            E_USER_ERROR);
    }

    // The set of fields not allowed to be updatd by grabbing from POST vars beyond this point.
    $avoid_fields = array( 'page_ident', 'user_ident' );

    // Look to see if we're updating a single field, or an entire record.
    if ( isset($_POST['content']) ) {
        // Updating a single field.

        $field = $redirect->echo;

           // Updating the page.
        $page->$field = $_POST['content'];
        $page->Update();

    } elseif( isset($_POST['parentpage_ident'] )
             AND isset($_POST['folio_redirect_echo'])
             AND $_POST['folio_redirect_echo'] == 'parentpage_title' ) {
        // Updating parent page information

        $parentpage_ident = intval( $_POST['parentpage_ident']);

        $parentpage = folio_page::SelectWherePageIdent($parentpage_ident);
        if( $parentpage == false )
            trigger_error('Invalid parentpage_ident value "' . $parentpage_ident .
                          '" passed to page_update.', E_USER_ERROR);

        $page->parentpage_ident = $parentpage_ident;
        $page->Update();

        // Add the title property to the page for redirect
        $page->parentpage_title = $parentpage->title;

    } elseif( isset($_POST['accesslevel'] ) AND isset($_POST['global'] ) ) {
        // Updating security information

        $accesslevel= folio_clean( $_POST['accesslevel']);

        $global = $_POST['global'];
        if( $global == 'on')
            $global = true;
        else
            $global = false;

        folio_PageEditorSecurity::htmlUpdateFromPost( $page, $accesslevel, $global );

        // Add the accesslevel property to the page for redirect
        $page->accesslevel = $accesslevel;

    } else {
        // Updating the entire record.

        // If there are any matching POST variables with the same name as a public variable,
        //      then go ahead and update the page variable.
        foreach ($page as $n => $v ) {
            if( !in_array( $n, $avoid_fields ) AND isset( $_POST[$n] ) ) {
                $page->$n = $_POST[$n];
            }
        }

        // Update data
        if ( !$page->Update() ) {
            trigger_error('Error: Unable to save page record.', E_USER_ERROR);
        }

        // Update tags
        $tags = folio_clean( $_POST['tags'], array( ',', ' ' ));
        folio_tags::Update( $page, $tags );


    } // IF: Updating entire record or a single field

    // Perform the required redirect actions.
    //      This can send a header var to go to a new page, echo values, ...
    $redirect->PerformRedirectActions( $page );

?>
